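Kali Linux Penetration Testing: Service Scanning (Part 2): SNMP, SMB and SMTP Scanning

1. SNMP Scanning

SNMP: Simple Network Management Protocol

  • Network devices such as switches, firewalls and servers can be monitored over SNMP, including internal system information such as CPU. Almost everything can be monitored.
  • community: the login credential; administrators often forget to change its default string   # the community can be cracked with a dictionary (public/private/manager);
  • A gold mine of information, and frequently misconfigured;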

MIB Tree:

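  • MIB: the SNMP Management Information Base;
  • A tree-structured database of the management functions of network devices;

Preparation

Install the SNMP service on the target machine and check the service status, community settings and so on;

(1) SNMP scanning: onesixtyone

  • Can retrieve hardware information;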
root@root:~# onesixtyone 192.168.37.130 public
Scanning 1 hosts, 1 communities
192.168.37.130 [public] Hardware: x86 Family 6 Model 78 Stepping 3 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)

(2) SNMP scanning: snmpwalk

  • Returns more information; -v selects the version. 2c is the most widely used, but the output is not very readable;
root@root:~# snmpwalk 192.168.37.130 -c public -v 2c
iso.3.6.1.2.1.1.1.0 = STRING: "Hardware: x86 Family 6 Model 78 Stepping 3 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.311.1.1.3.1.1
iso.3.6.1.2.1.1.3.0 = Timeticks: (43123182) 4 days, 23:47:11.82
iso.3.6.1.2.1.1.4.0 = ""
iso.3.6.1.2.1.1.5.0 = STRING: "UPWARD"
iso.3.6.1.2.1.1.6.0 = ""
iso.3.6.1.2.1.1.7.0 = INTEGER: 76
iso.3.6.1.2.1.2.1.0 = INTEGER: 3
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.1.196612 = INTEGER: 196612
iso.3.6.1.2.1.2.2.1.2.1 = Hex-STRING: 4D 53 20 54 43 50 20 4C 6F 6F 70 62 61 63 6B 20 
69 6E 74 65 72 66 61 63 65 00 
iso.3.6.1.2.1.2.2.1.2.2 = Hex-STRING: 41 4D 44 20 50 43 4E 45 54 20 46 61 6D 69 6C 79 
20 50 43 49 20 45 74 68 65 72 6E 65 74 20 41 64 
61 70 74 65 72 20 2D 20 CA FD BE DD B0 FC BC C6 
BB AE B3 CC D0 F2 CE A2 D0 CD B6 CB BF DA 00 
iso.3.6.1.2.1.2.2.1.2.196612 = Hex-STRING: 42 6C 75 65 74 6F 6F 74 68 20 C9 E8 B1 B8 28 B8 
F6 C8 CB C7 F8 D3 F2 CD F8 29 00 
......
iso.3.6.1.2.1.25.6.3.1.2.2 = STRING: "WebFldrs XP"
iso.3.6.1.2.1.25.6.3.1.2.3 = STRING: "VMware Tools"
iso.3.6.1.2.1.25.6.3.1.3.1 = OID: ccitt.0
iso.3.6.1.2.1.25.6.3.1.3.2 = OID: ccitt.0
iso.3.6.1.2.1.25.6.3.1.3.3 = OID: ccitt.0
iso.3.6.1.2.1.25.6.3.1.4.1 = INTEGER: 4
iso.3.6.1.2.1.25.6.3.1.4.2 = INTEGER: 4
iso.3.6.1.2.1.25.6.3.1.4.3 = INTEGER: 4
iso.3.6.1.2.1.25.6.3.1.5.1 = Hex-STRING: 07 E2 0B 11 15 33 36 00 
iso.3.6.1.2.1.25.6.3.1.5.2 = Hex-STRING: 07 E3 04 07 0B 39 34 00 
iso.3.6.1.2.1.25.6.3.1.5.3 = Hex-STRING: 07 E2 0B 11 15 35 08 00 
root@root:~# snmpwalk 192.168.37.130 -c public -v 2c iso.3.6.1.2.1.25.6.3.1.2.2
iso.3.6.1.2.1.25.6.3.1.2.2 = STRING: "WebFldrs XP"
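
The readability problem is mostly the Hex-STRING values, which snmpwalk prints as raw bytes whenever a string is not plain ASCII. The following is an added example (not part of the original post) that re-joins the wrapped lines and decodes them, so you can inventory what the agent discloses to anyone holding the read community. It assumes the agent uses the GBK code page (the `encoding` parameter) and that OIDs under iso.3.6.1.2.1.25.6.3.1.5 hold SNMP DateAndTime values; the function names are this example's own.

```python
import re

# Constructed sample: lines copied from the snmpwalk output on this page.
SAMPLE = """\
iso.3.6.1.2.1.1.5.0 = STRING: "UPWARD"
iso.3.6.1.2.1.1.6.0 = ""
iso.3.6.1.2.1.2.2.1.2.1 = Hex-STRING: 4D 53 20 54 43 50 20 4C 6F 6F 70 62 61 63 6B 20
69 6E 74 65 72 66 61 63 65 00
iso.3.6.1.2.1.2.2.1.2.2 = Hex-STRING: 41 4D 44 20 50 43 4E 45 54 20 46 61 6D 69 6C 79
20 50 43 49 20 45 74 68 65 72 6E 65 74 20 41 64
61 70 74 65 72 20 2D 20 CA FD BE DD B0 FC BC C6
BB AE B3 CC D0 F2 CE A2 D0 CD B6 CB BF DA 00
......
iso.3.6.1.2.1.25.6.3.1.2.3 = STRING: "VMware Tools"
iso.3.6.1.2.1.25.6.3.1.5.1 = Hex-STRING: 07 E2 0B 11 15 33 36 00
"""

RECORD = re.compile(r"^(\S+) = (?:([\w-]+): ?)?(.*)$")
HEX_ONLY = re.compile(r"(?:[0-9A-Fa-f]{2}\s*)+")
SW_INSTALLED_DATE = "iso.3.6.1.2.1.25.6.3.1.5."  # hrSWInstalledDate column (assumed)


def join_records(text):
    """Return [oid, type, value] records, re-attaching wrapped Hex-STRING lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        match = RECORD.match(line)
        if match:
            records.append([match.group(1), match.group(2) or "", match.group(3)])
        elif records and records[-1][1] == "Hex-STRING" and HEX_ONLY.fullmatch(line):
            records[-1][2] += " " + line
        # anything else (blank lines, the "......" elision) is skipped
    return records


def decode_value(oid, typ, value, encoding="gbk"):
    """Render one value as text; `encoding` is an assumption about the agent's locale."""
    if typ != "Hex-STRING":
        return value.strip('"')
    data = bytes.fromhex(value)
    if oid.startswith(SW_INSTALLED_DATE) and len(data) in (8, 11):
        # DateAndTime (RFC 2579): 2-byte year, month, day, hour, minute, second, deciseconds
        year = int.from_bytes(data[:2], "big")
        month, day, hour, minute, second, deci = data[2:8]
        return f"{year:04d}-{month:02d}-{day:02d} {hour:02d}:{minute:02d}:{second:02d}.{deci}"
    return data.rstrip(b"\x00").decode(encoding, errors="replace")


def decode_walk(text, encoding="gbk"):
    """Map every OID in a walk to its decoded, human-readable value."""
    return {oid: decode_value(oid, typ, val, encoding) for oid, typ, val in join_records(text)}


if __name__ == "__main__":
    for oid, value in decode_walk(SAMPLE).items():
        print(oid, "=>", value)
```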

(3) SNMP scanning: snmp-check

  • More readable than snmpwalk;
  • snmp-check 192.168.37.130;
  • snmp-check 192.168.37.130 -w;  # check whether write access is possible
root@root:~# snmp-check 192.168.37.130
snmp-check v1.9 - SNMP enumerator
Copyright (c) 2005-2015 by Matteo Cantoni (www.nothink.org)

[+] Try to connect to 192.168.37.130:161 using SNMPv1 and community 'public'

[*] System information:

  Host IP address               : 192.168.37.130
  Hostname                      : UPWARD
  Description                   : Hardware: x86 Family 6 Model 78 Stepping 3 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)
  Contact                       : -
  Location                      : -
  Uptime snmp                   : 4 days, 13:40:38.12
  Uptime system                 : 4 days, 23:54:43.71
  System date                   : 2019-4-14 19:03:54.4
  Domain                        : WORKGROUP

[*] User accounts:

  x                   
  y                   
  z                   
  abc$                
  Guest               
  yaoxingzhi          
  IUSR_UPWARD         
  IWAM_UPWARD         
  Administrator       
  HelpAssistant       
  SUPPORT_388945a0    

[*] Network information:

  IP forwarding enabled         : no
  Default TTL                   : 128
  TCP segments received         : 11471
  TCP segments sent             : 4045
  TCP segments retrans          : 0
  Input datagrams               : 13960
  Delivered datagrams           : 13859
  Output datagrams              : 9959

[*] Network interfaces:

  Interface                     : [ up ] MS TCP Loopback interface
  Id                            : 1
  Mac Address                   : :::::
  Type                          : softwareLoopback
  Speed                         : 10 Mbps
  MTU                           : 1520
  In octets                     : 8291
  Out octets                    : 8291

......
[*] Network IP:

  Id                    IP Address            Netmask               Broadcast           
  196612                0.0.0.0               0.0.0.0               1                   
  1                     127.0.0.1             255.0.0.0             1                   
  2                     192.168.37.130        255.255.255.0         1                   

[*] Routing information:

  Destination           Next hop              Mask                  Metric              
  0.0.0.0               192.168.37.2          0.0.0.0               10                  
  127.0.0.0             127.0.0.1             255.0.0.0             1                   
  192.168.37.0          192.168.37.130        255.255.255.0         10                  
  192.168.37.130        127.0.0.1             255.255.255.255       10                  
  192.168.37.255        192.168.37.130        255.255.255.255       10                  
  224.0.0.0             192.168.37.130        240.0.0.0             10                  
  255.255.255.255       192.168.37.130        255.255.255.255       1                   

[*] TCP connections and listening ports:

  Local address         Local port            Remote address        Remote port           State               
  0.0.0.0               25                    0.0.0.0               47132                 listen              
  0.0.0.0               80                    0.0.0.0               20587                 listen              
  0.0.0.0               135                   0.0.0.0               39150                 
  Others                        : 0
  CGIRequests                   : 0
  BGIRequests                   : 0
  NotFoundErrors                : 0
......
root@root:~# snmp-check 192.168.37.130 -w
snmp-check v1.9 - SNMP enumerator
Copyright (c) 2005-2015 by Matteo Cantoni (www.nothink.org)

[+] Try to connect to 192.168.37.130:161 using SNMPv1 and community 'public'
[+] Write access check enabled

[!] 192.168.37.130:161 SNMP request timeout

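2. SMB Scanning

SMB protocol:

  • Server Message Block protocol;
  • The protocol with the most security problems in Microsoft's history;
  • Complex to implement, enabled by default on Windows, and the most commonly used protocol there; it provides file sharing;

(1) Nmap

  • nmap can scan the default open ports 139 and 445, but this alone cannot accurately determine the operating system type; in most cases it is Windows;
  • nmap 192.168.37.130 -p139,445 --script=smb-os-discovery.nse   # use nmap's bundled script to identify the operating system;
  • nmap -v -p139,445 --script=smb-vuln-*.nse --script-args=safe=1 192.168.37.130   # check whether the SMB service on the Windows system has vulnerabilities; smb-vuln-*.nse selects all of the script files for a full scan;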
root@root:~# nmap -v -p139,445 192.168.37.130-132   # scan 3 hosts and check whether ports 139 and 445 are open
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-14 19:47 CST
Initiating ARP Ping Scan at 19:47
Scanning 2 hosts [1 port/host]
Completed ARP Ping Scan at 19:47, 0.21s elapsed (2 total hosts)
Initiating Parallel DNS resolution of 2 hosts. at 19:47
Completed Parallel DNS resolution of 2 hosts. at 19:47, 0.01s elapsed
Nmap scan report for 192.168.37.132 [host down]
Initiating Parallel DNS resolution of 1 host. at 19:47
Completed Parallel DNS resolution of 1 host. at 19:47, 0.01s elapsed
Initiating SYN Stealth Scan at 19:47
Scanning bogon (192.168.37.130) [2 ports]
Discovered open port 139/tcp on 192.168.37.130
Discovered open port 445/tcp on 192.168.37.130
Completed SYN Stealth Scan at 19:47, 0.01s elapsed (2 total ports)
Nmap scan report for bogon (192.168.37.130)
Host is up (0.00043s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:B6:06:CC (VMware)

Initiating SYN Stealth Scan at 19:47
Scanning bogon (192.168.37.131) [2 ports]
Completed SYN Stealth Scan at 19:47, 0.00s elapsed (2 total ports)
Nmap scan report for bogon (192.168.37.131)
Host is up (0.000035s latency).

PORT    STATE  SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds

Read data files from: /usr/bin/../share/nmap
Nmap done: 3 IP addresses (2 hosts up) scanned in 0.46 seconds
           Raw packets sent: 7 (260B) | Rcvd: 7 (284B)
root@root:~# nmap 192.168.37.130 -p139,445 --script=smb-os-discovery.nse
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-14 19:53 CST
Nmap scan report for bogon (192.168.37.130)
Host is up (0.00032s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:B6:06:CC (VMware)

Host script results:
| smb-os-discovery: 
|   OS: Windows XP (Windows 2000 LAN Manager)
|   OS CPE: cpe:/o:microsoft:windows_xp::-
|   Computer name: upward
|   NetBIOS computer name: UPWARD\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2019-04-14T19:53:27+08:00

Nmap done: 1 IP address (1 host up) scanned in 0.82 seconds
  • The smb-vuln-*.nse wildcard selects all of the script files for a full scan.
root@root:~# nmap -v -p139,445 --script=smb-vuln-*.nse --script-args=safe=1 192.168.37.130
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-14 19:58 CST
NSE: Loaded 10 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:58
Completed NSE at 19:58, 0.00s elapsed
Initiating ARP Ping Scan at 19:58
Scanning 192.168.37.130 [1 port]
Completed ARP Ping Scan at 19:58, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:58
Completed Parallel DNS resolution of 1 host. at 19:58, 0.30s elapsed
Initiating SYN Stealth Scan at 19:58
Scanning bogon (192.168.37.130) [2 ports]
Discovered open port 139/tcp on 192.168.37.130
Discovered open port 445/tcp on 192.168.37.130
Completed SYN Stealth Scan at 19:58, 0.00s elapsed (2 total ports)
NSE: Script scanning 192.168.37.130.
Initiating NSE at 19:58
Completed NSE at 19:58, 5.01s elapsed
Nmap scan report for bogon (192.168.37.130)
Host is up (0.00041s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:B6:06:CC (VMware)

Host script results:
| smb-vuln-ms08-067: 
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|           The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,
|           Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary
|           code via a crafted RPC request that triggers the overflow during path canonicalization.
|           
|     Disclosure date: 2008-10-23
|     References:
|       https://technet.microsoft.com/en-us/library/security/ms08-067.aspx
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|       A critical remote code execution vulnerability exists in Microsoft SMBv1
|        servers (ms17-010).
|           
|     Disclosure date: 2017-03-14
|     References:
|       https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
|       https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143

NSE: Script Post-scanning.
Initiating NSE at 19:58
Completed NSE at 19:58, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds
           Raw packets sent: 3 (116B) | Rcvd: 3 (116B)
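
When this scan is run across many hosts, the script results need to be turned into a patch list. The following is an added example (not part of the original post) that parses the smb-vuln-* results shown above and separates confirmed findings from clean negatives and from inconclusive results such as the ERROR line, which is not a pass and should be re-run. The status labels and function names are this example's own.

```python
import re

# Constructed sample: the "Host script results" block from the scan above, shortened.
SAMPLE = """\
Host script results:
| smb-vuln-ms08-067:
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|     Disclosure date: 2008-10-23
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
"""

HEADER = re.compile(r"^\|[ _](smb-vuln-[\w-]+):\s*(.*)$")


def parse_findings(text):
    """Return one dict per smb-vuln-* script: name, status and CVE ids."""
    findings, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            inline = header.group(2).strip()
            # One-line results: "false" is a clean negative; anything else
            # (ERROR, or empty until a State line arrives) is not a pass.
            status = "not_vulnerable" if inline.lower() == "false" else "inconclusive"
            current = {"script": header.group(1), "status": status, "cves": []}
            findings.append(current)
        elif current and line.startswith("|"):
            body = line.lstrip("|_").strip()
            if body.startswith("State:"):
                state = body.split(":", 1)[1].strip().upper()
                if state.startswith("NOT VULNERABLE"):
                    current["status"] = "not_vulnerable"
                elif "VULNERABLE" in state:
                    current["status"] = "vulnerable"
            elif body.startswith("IDs:"):
                current["cves"] = re.findall(r"CVE-\d{4}-\d+", body)
    return findings


def needs_follow_up(findings):
    """Scripts whose result means patch (vulnerable) or re-run (inconclusive)."""
    return [f["script"] for f in findings if f["status"] != "not_vulnerable"]


if __name__ == "__main__":
    for finding in parse_findings(SAMPLE):
        print(finding)
```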

(2) Nbtscan

  • -r option: use local port 137; good compatibility and complete scan results;
  • Can scan across network segments;
root@root:~# nbtscan -r 192.168.37.0/24
Doing NBT name scan for addresses from 192.168.37.0/24

IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.37.0	Sendto failed: Permission denied
192.168.37.130   UPWARD           <server>  <unknown>        00:0c:29:b6:06:cc
192.168.37.131   <unknown>                  <unknown>        
192.168.37.255	Sendto failed: Permission denied

(3) enum4linux

root@root:~# enum4linux -U 192.168.37.130
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Apr 14 20:18:06 2019

 ========================== 
|    Target Information    |
 ========================== 
Target ........... 192.168.37.130
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none


 ====================================================== 
|    Enumerating Workgroup/Domain on 192.168.37.130    |
 ====================================================== 
[+] Got domain/workgroup name: WORKGROUP

 ======================================= 
|    Session Check on 192.168.37.130    |
 ======================================= 
[+] Server 192.168.37.130 allows sessions using username '', password ''

 ============================================= 
|    Getting domain SID for 192.168.37.130    |
 ============================================= 
Cannot connect to server.  Error was NT_STATUS_INVALID_PARAMETER
[+] Can't determine if host is part of domain or part of a workgroup

 =============================== 
|    Users on 192.168.37.130    |
 =============================== 
Use of uninitialized value $users in print at ./enum4linux.pl line 874.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877.

Use of uninitialized value $users in print at ./enum4linux.pl line 888.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 890.
enum4linux complete on Sun Apr 14 20:18:08 2019

root@root:~# enum4linux -a 192.168.37.130
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Apr 14 20:19:56 2019

 ========================== 
|    Target Information    |
 ========================== 
Target ........... 192.168.37.130
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none


 ====================================================== 
|    Enumerating Workgroup/Domain on 192.168.37.130    |
 ====================================================== 
[+] Got domain/workgroup name: WORKGROUP

 ============================================== 
|    Nbtstat Information for 192.168.37.130    |
 ============================================== 
Looking up status of 192.168.37.130
	UPWARD          <00> -         M <ACTIVE>  Workstation Service
	UPWARD          <20> -         M <ACTIVE>  File Server Service
	WORKGROUP       <00> - <GROUP> M <ACTIVE>  Domain/Workgroup Name
	WORKGROUP       <1e> - <GROUP> M <ACTIVE>  Browser Service Elections
	WORKGROUP       <1d> -         M <ACTIVE>  Master Browser
	..__MSBROWSE__. <01> - <GROUP> M <ACTIVE>  Master Browser

	MAC Address = 00-0C-29-B6-06-CC

 ======================================= 
|    Session Check on 192.168.37.130    |
 ======================================= 
[+] Server 192.168.37.130 allows sessions using username '', password ''

 ============================================= 
|    Getting domain SID for 192.168.37.130    |
 ============================================= 
Cannot connect to server.  Error was NT_STATUS_INVALID_PARAMETER
[+] Can't determine if host is part of domain or part of a workgroup

 ======================================== 
|    OS information on 192.168.37.130    |
 ======================================== 
Use of uninitialized value $os_info in concatenation (.) or string at ./enum4linux.pl line 464.
[+] Got OS info for 192.168.37.130 from smbclient: 
[+] Got OS info for 192.168.37.130 from srvinfo:
Cannot connect to server.  Error was NT_STATUS_INVALID_PARAMETER

 =============================== 
|    Users on 192.168.37.130    |
 =============================== 
Use of uninitialized value $users in print at ./enum4linux.pl line 874.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877.

Use of uninitialized value $users in print at ./enum4linux.pl line 888.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 890.

 =========================================== 
|    Share Enumeration on 192.168.37.130    |
 =========================================== 
[E] Can't list shares: NT_STATUS_ACCESS_DENIED

[+] Attempting to map shares on 192.168.37.130

 ====================================================== 
|    Password Policy Information for 192.168.37.130    |
 ====================================================== 
[E] Unexpected error from polenum:


[+] Attaching to 192.168.37.130 using a NULL share

[+] Trying protocol 445/SMB...

	[!] Protocol failed: SMB SessionError: STATUS_ACCESS_DENIED({Access Denied} A process has requested access to an object but has not been granted those access rights.)

[+] Trying protocol 139/SMB...

	[!] Protocol failed: SMB SessionError: STATUS_ACCESS_DENIED({Access Denied} A process has requested access to an object but has not been granted those access rights.)


[+] Retieved partial password policy with rpcclient:



 ================================ 
|    Groups on 192.168.37.130    |
 ================================ 

[+] Getting builtin groups:

[+] Getting builtin group memberships:

[+] Getting local groups:

[+] Getting local group memberships:

[+] Getting domain groups:

[+] Getting domain group memberships:

 ========================================================================= 
|    Users on 192.168.37.130 via RID cycling (RIDS: 500-550,1000-1050)    |
 ========================================================================= 

 =============================================== 
|    Getting printer info for 192.168.37.130    |
 =============================================== 
Cannot connect to server.  Error was NT_STATUS_INVALID_PARAMETER


enum4linux complete on Sun Apr 14 20:20:00 2019

3. SMTP扫描

  • SMTP: Simple Mail Transfer Protocol;

(1) nc

root@root:~# nc -nv 192.168.37.130 25   # connect to port 25
(UNKNOWN) [192.168.37.130] 25 (smtp) open
220 upward Microsoft ESMTP MAIL Service, Version: 6.0.2600.5512 ready at  Sun, 14 Apr 2019 20:26:36 +0800 
^C

(2) nmap

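  • Prerequisite: a port scan has already shown that the target host has port 25 open;
  • nmap smtp.163.com -p25 --script=smtp-enum-users.nse --script-args=smtp-enum-users.methods={VRFY}   ## enumerate user accounts, using the {VRFY} method
  • nmap smtp.163.com -p25 --script=smtp-open-relay.nse    # check whether relaying is enabled (if mail relaying is open, anyone can use the relay, even for illegal purposes)
# Prerequisite: a port scan has already shown that the target host has port 25 open;
root@root:~# nmap smtp.163.com -p25 --script=smtp-enum-users.nse --script-args=smtp-enum-users.methods={VRFY}
# enumerate user accounts, using the {VRFY} method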
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-14 20:27 CST
Nmap scan report for smtp.163.com (123.125.50.132)
Host is up (0.0092s latency).
Other addresses for smtp.163.com (not scanned): 123.125.50.133 123.125.50.138 123.125.50.134 123.125.50.135
rDNS record for 123.125.50.132: m50-132.163.com

PORT   STATE SERVICE
25/tcp open  smtp
| smtp-enum-users: 
|_  Couldn't find any accounts

Nmap done: 1 IP address (1 host up) scanned in 9.25 seconds
root@root:~# nmap smtp.163.com -p25 --script=smtp-open-relay.nse  # check whether relaying is enabled
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-14 20:29 CST
Nmap scan report for smtp.163.com (123.125.50.135)
Host is up (0.013s latency).
Other addresses for smtp.163.com (not scanned): 123.125.50.134 123.125.50.138 123.125.50.133 123.125.50.132
rDNS record for 123.125.50.135: m50-135.163.com

PORT   STATE SERVICE
25/tcp open  smtp
|_smtp-open-relay: Server doesn't seem to be an open relay, all tests failed

Nmap done: 1 IP address (1 host up) scanned in 7.93 seconds
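
VRFY-based account enumeration only works when the server answers differently for mailboxes that exist and mailboxes that do not. The following is an added example (not part of the original post) for auditing your own mail server: it reads a recorded SMTP session and reports whether the VRFY replies disclose account existence. The transcripts, host names, mailbox names and verdict labels are constructed for illustration.

```python
# Constructed transcripts ("C:" client, "S:" server); not captured from a real host.
DISCLOSING = """\
S: 220 mail.example.test ESMTP
C: VRFY alice
S: 250 2.1.5 alice <alice@example.test>
C: VRFY no-such-user-7f3a
S: 550 5.1.1 User unknown
"""

UNIFORM = """\
S: 220 mail.example.test ESMTP
C: VRFY alice
S: 252 2.0.0 Cannot VRFY user, but will accept message
C: VRFY no-such-user-7f3a
S: 252 2.0.0 Cannot VRFY user, but will accept message
"""

DISABLED = """\
S: 220 mail.example.test ESMTP
C: VRFY alice
S: 502 5.5.1 Command not implemented
C: VRFY no-such-user-7f3a
S: 502 5.5.1 Command not implemented
"""


def vrfy_replies(transcript):
    """Map each VRFY argument to the server's final reply code."""
    replies, pending = {}, None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            pending = arg.strip() if verb.upper() == "VRFY" else None
        elif side == "S" and pending is not None and text[:3].isdigit():
            if text[3:4] == "-":   # "553-..." continues a multi-line reply
                continue
            replies[pending] = int(text[:3])
            pending = None
    return replies


def audit_vrfy(transcript, existing, missing):
    """Compare the replies for a mailbox known to exist and one known not to."""
    replies = vrfy_replies(transcript)
    good, bad = replies[existing], replies[missing]
    if good != bad:
        return "discloses"   # differing codes reveal which mailboxes exist
    if good in (500, 502):
        return "disabled"    # command unrecognised or not implemented
    return "uniform"         # same answer either way, e.g. 252


if __name__ == "__main__":
    for name, log in (("disclosing", DISCLOSING), ("uniform", UNIFORM), ("disabled", DISABLED)):
        print(name, audit_vrfy(log, "alice", "no-such-user-7f3a"))
```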

 

 
